08-09-2017
I think you must patch your Solaris 10, then root is no longer exempted from the complexity rules.
man passwd on an old Solaris 10 says:
Quote:
In the files case, super-users (for instance, real and
effective uid equal to 0, see id(1M) and su(1M)) can change
any password. Hence, passwd does not prompt privileged users
for the old password. Privileged users are not forced to
comply with password aging and password construction
requirements. A privileged user can create a null password
by entering a carriage return in response to the prompt for
a new password.
While a newer Solaris 10 says
Quote:
The passwd command does not prompt authorized users for the
old password.
...
By default, even users authorized to change the password of
other users must comply with the configured password policy.
See pam_authtok_check(5).
This article suggests the change happened with Solaris 10 8/11.
BTW if you set the minimum password length to 8 then in fact you lower the security somewhat if you have
CRYPT_DEFAULT=__unix__ in /etc/security/policy.conf because it always limits the maximum password length to 8.
So you should change it to
CRYPT_DEFAULT=1 (
1 or
2a or
md5) to allow longer passwords! It also will create longer crypts in /etc/shadow, but can still understand the existing short Unix crypts.
This User Gave Thanks to MadeInGermany For This Post:
10 More Discussions You Might Find Interesting
1. Forum Support Area for Unregistered Users & Account Problems
Well, I get this email -
Hello,
You have requested to reset your password on The UNIX Forums forums because you have forgotten your password. If you did not request this, please ignore it. It will expire and become useless in 24 hours time.
To reset your password, please visit the... (1 Reply)
Discussion started by: zyx
1 Replies
2. Solaris
Hi,
I am looking for a simple way to :
- force the user to change his password following the first connexion
- check the complexity of a password (password should has a least 8 characters with 1 special char and 1 alpha...).
Thinks for your help (1 Reply)
Discussion started by: dbsora
1 Replies
3. Shell Programming and Scripting
Hi
I have a script which uses expect and I run it on solaris 10 to set a common password for all users. I run it as `./script password` but when I tried to log into the system then I do not really have to type password, pressing ENTER on keyboard logs the user into system. (ssh)
This below... (2 Replies)
Discussion started by: upengan78
2 Replies
4. Solaris
Hello All,
I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Discussion started by: tferrazz
8 Replies
5. Solaris
Boot device : /pci@1f,4000/scsi@3/disk@0,0:a File and args: -s cdrom
SunOS Release 5.9 Version Generic_118558-11 64-bit (6 Replies)
Discussion started by: agummad
6 Replies
6. Shell Programming and Scripting
Hello Friends,
I know this issue has been raised many times and hence I tried every resolution provided in the forum before I posted this issue again.
My Password-less RSA authentication was working fine for quite some time. Whenever the remote server password used to change I used to re-do... (5 Replies)
Discussion started by: mehimadri
5 Replies
7. Shell Programming and Scripting
Sorry to post this thread as it has been asked several times. But my question is that I need to write a shell script to transfer a file from machine A to machine B using sftp. I generated pvt-pub key pair and put pub key in machine b and lso make the pub file's permision 600. .ssh directory... (1 Reply)
Discussion started by: vsachan
1 Replies
8. SuSE
Hi,
I am setting password complexity in SLES 11. I am able to do most of things
pam-config -d --pwcheck
pam-config -a --cracklib
pam-config -a --cracklib-minlen=8
pam-config -a --cracklib-dcredit=-1
pam-config -a --cracklib-ocredit=-1
pam-config -a --pwhistory
pam-config -a... (1 Reply)
Discussion started by: solaris_1977
1 Replies
9. UNIX for Dummies Questions & Answers
Hi,
I have followed the below commands for key generation and ssh from one server to another with user mqm
cd /var/mqm/.ssh
mqm@A:~> ssh-keygen -t rsa
<public key creation>
mqm@A:~> ssh mqm@B mkdir -p .ssh
mqm@B's password: <entered_password>
mqm@A:~> cat /var/mqm/.ssh/id_rsa.pub | ssh... (4 Replies)
Discussion started by: Anusha M
4 Replies
10. UNIX for Beginners Questions & Answers
Hello Team,
Please help me to solve my Problem,
By mistake, I give full permission to /(root) directory. by using the following command "chmod -R 777 /"
after this, the client asks for the password to login via ssh. Before that, I an able to Login without a password.
Please help me to retrieve... (5 Replies)
Discussion started by: Shubham1182
5 Replies
LEARN ABOUT OSF1
yppasswd
yppasswd(1) General Commands Manual yppasswd(1)
NAME
yppasswd - change password in Network Information Service (NIS)
SYNOPSIS
yppasswd [name]
DESCRIPTION
Note
If Enhanced Security is enabled on your system, use the passwd command to change your password, even if NIS is in use.
The yppasswd command lets you change your password in the Network Information Service (NIS) map, a network data base service. Only you or
the superuser can change your NIS password.
When you enter the yppasswd command, the program prompts you for the old password and then for the new password. Note that the passwords
are not displayed on the screen.
Next, the program asks you for the new password again, to verify that you have typed it correctly. If you do not type the passwords cor-
rectly, you will receive an error message after you enter the new password.
Your new NIS password must meet one of the following requirements: It must be a combination of at least six alphanumeric characters, or It
must be a minimum of four characters, with at least one being non-alphanumeric, such as a control sequence.
Note
The passwd command does not change the NIS password. This command only changes the local password file (/etc/passwd), and not the NIS mas-
ter password file.
ERRORS
Your new password does not meet the minimum length requirement. You misspelled your new password or its verification. Your new password
can not be activated. It must be different from your old password and your login name.
FILES
Password file NIS directory
SEE ALSO
passwd(1), passwd(4), ypfiles(4), yppasswdd(8)
Network Administration
yppasswd(1)